Vulnerability Disclosure Policy

For Shrota.in & Shrota Mobile Application

Operated by Shravanam Soft Solutions LLP

Effective Date: 02/02/2026

At Shravanam Soft Solutions LLP, we take the security of our systems and user data seriously. This Vulnerability Disclosure Policy ("Policy") outlines how security researchers and users can responsibly report potential security vulnerabilities in Shrota.in and the Shrota Mobile Application ("Service").

We welcome responsible disclosure and appreciate the efforts of the security community in helping us keep Shrota secure.

1. Scope

This policy applies to:

  • Website: https://shrota.in
  • Shrota Mobile Application (Android/iOS)
  • APIs and related infrastructure owned by Shravanam Soft Solutions LLP

2. Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please report it to us as soon as possible.

Report via Email:

myshrota@gmail.com

Please include:

  • A detailed description of the issue
  • Steps to reproduce the vulnerability
  • Affected URLs or endpoints
  • Screenshots or proof of concept (if available)

3. Responsible Disclosure Guidelines

We request that you:

  • Do not exploit the vulnerability beyond what is necessary to prove it exists
  • Do not access or modify user data
  • Do not perform denial-of-service (DoS) attacks
  • Do not publicly disclose the vulnerability until we have fixed it

4. Our Commitment

When you report a vulnerability responsibly, we commit to:

  • Acknowledge your report within a reasonable time
  • Investigate and validate the issue
  • Work on a fix as quickly as possible
  • Keep you informed about progress

5. Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized
  • In good faith
  • Not subject to legal action

As long as you follow this policy, we will not pursue legal action against you.

6. Exclusions

The following are not considered vulnerabilities:

  • Social engineering or phishing attacks
  • Physical attacks on offices or employees
  • Denial of service (DDoS) testing
  • Spam or brute force attacks
  • Vulnerabilities in third-party services

7. No Bug Bounty Program

Currently, Shrota does not offer a paid bug bounty program. However, we sincerely appreciate and acknowledge all responsible disclosures.

8. Policy Updates

This policy may be updated from time to time. The latest version will always be available on Shrota.in.

9. Contact Information

For security-related issues, contact:

Firm Name: Shravanam Soft Solutions LLP

Email: myshrota@gmail.com

Website: https://shrota.in

Address: Jijau Colony, Hanuman Nagar, Daund Road, Ahilyanagar, Maharashtra, India, Pin 414005

We believe in responsible security research and collaboration to keep Shrota safe for everyone.